OpenDNS with PiHole not blocking porn

Follow
Avatar
jamzieth

I have configured my network to use my PiHole for DNS and for the PiHole to use 208.67.222.222, 208.67.220.220 and 2620:119:35::35#53 (there just in case but my DHCP server doesn't serve v6) as the upstream servers. In OpenDNS, I have set the web filtering to Low (which includes porn) but porn still isn't being blocked.

When I test using the OpenDNS test sites, I get confirmation I am using OpenDNS and that phishing website are blocked but the adult sites seem to still work.

My OpenDNS dashboard also doesn't seem to be showing any requests but I've read this could take 24 hours to populate.

Can anyone please help?

0

Comments

9 comments

Sort by Date Votes
  • Avatar
    rotblitz (Edited )

    The resolver 2620:119:35::35#53 does not make use of your dashboard settings.  You need to use the IPv4 replacement addresses like  ::ffff:d043:dedc  and  ::ffff:d043:dcde

    "there just in case but my DHCP server doesn't serve v6"

    LOL, we are talking about DNS, not about DHCP.

    0
    Comment actions Permalink
  • Avatar
    jamzieth

    Thanks for the quick reply and just to be on the safe side I have made this change but it shouldn't and doesn't make any difference.  I do not use IPv6 inside my network or outside so nothing will use these to resolve:

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Ok, you do not seem to forward your DNS queries to OpenDNS, check at http://welcome.opendns.com/
    If this is the case, you're not using OpenDNS at all, especially not the dashboard settings.

    Copy & paste the complete plain text output of the following diagnostic commands from an end user device to here:

    nslookup -type=txt debug.opendns.com. 208.67.220.220
    nslookup -type=txt which.opendns.com.
    nslookup whoami.akamai.net.

     

    0
    Comment actions Permalink
  • Avatar
    jamzieth

    Thanks for your reply.  Here are my outputs.

    nslookup -type=txt debug.opendns.com. 208.67.220.220

    Server: 208.67.220.220

    Address: 208.67.220.220#53

     

    Non-authoritative answer:

    debug.opendns.com text = "server r1.lon"

    debug.opendns.com text = "flags 40020 0 8050 180000000000000000003950000000000000000"

    debug.opendns.com text = "originid 417079200"

    debug.opendns.com text = "actype 2"

    debug.opendns.com text = "bundle 12690742"

    debug.opendns.com text = "source 86.188.39.98:62237"

     

    nslookup -type=txt which.opendns.com.

    Server: 192.168.1.200

    Address: 192.168.1.200#53

     

    Non-authoritative answer:

    which.opendns.com text = "r3.lon"

     

    Authoritative answers can be found from:

     

    nslookup whoami.akamai.net.

    Server: 192.168.1.200

    Address: 192.168.1.200#53

     

    Non-authoritative answer:

    Name: whoami.akamai.net

    Address: 208.69.34.82

     

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Everything’s fine. Your dashboard settings should take affect.

    0
    Comment actions Permalink
  • Avatar
    jamzieth

    Thanks for all your help.  Looks like I had initially set it up correctly (minus the ipv6 addresses) it just looks like it takes 24 hours to initially kick in.

    Not a problem for me but worth noting if anyone needs to set this up to keep innocent little eyes innocent.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    That assumption is wrong.  Just the logs and stats become active after 24 hours.  Filtering and blocking are available instantly.  If not, then you have a caching problem and must flush your local DNS caches, the local resolver cache and the browser cache.  There can be many more reasons for not working, but they are almost local to the end user device being used.

    0
    Comment actions Permalink
  • Avatar
    jamzieth

    Usually I would agree with you but this is a brand new lab with a brand new setup of everything in it. Nothing has been cached, nothing has been previously browsed, nothing has been previously requested. It just didn’t work for 24 hours.

    An anomaly I am sure but that’s what it is. I have a “small” amount of knowledge in this area but unfortunately no previous experience with OpenDNS.

    My testing of other services (in replica labs) have been instant.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Whatever it was, it cannot be investigated any longer, because it has gone.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post